The 64th most popular website in the world seems to have found a way to unblock ads without engaging users in block-screens and blackmail – a fact which may be of interest to the major publishing stable-mates in the Alexa top 100 who are also concerned about dying ad-click rates.

Pornhub.com has apparently succeeded in exploiting a loophole in the methods that adblockers use to hide advertisements. According to BugReplay, the hugely popular adult site is configured under Chrome to detect failed network requests for ads and, instead of triggering unfriendly messages and paywalls, to simply resend the ad content over a different protocol.

The post on the dodge explains that adblockers are expecting ad traffic to enter the page request via Chrome’s webRequest API. So when Pornhub detects a Chrome adblocker, it routes the commercial through the WebSocket channel – which Chrome enabled in 2009 – as a base64 encoded stream, which is then reconstructed on load. The writer observes that such content is usually a video, but an image was tested in the proof-of-concept, which you can see in action here.

ad-block-pornhub-bug-websocketv

On October 25th a Chromium contributor added a patch to the core which allows webRequest to block WebSockets – though it has not been committed yet.

The increasingly popular uBlock Origin adblocking extension has already patched the workaround. One contributor noted an earlier attempt by Pornhub to foil WebSocket protection by rendering a call invalid, writing ‘By the way, this is what pornhub is using as it’s hostname domain for WS – ws://ws.00zasdf.pw./nsoj…Notice that . at the end of the domain, that makes the domain invalid and that’s how it’s inserting ads on chrome since the past 48 hours…’

The Pornhub workaround does not seem to have any effect in Firefox, whose filter APIs include WebSockets by default. AdBlock Plus, notes BugReplay’s author, has – like uBlock – already addressed the issue with updates, but observes that the base AdBlock extension has not done this yet.

(UPDATE: At the time of writing (2/11/16 5pm GMT), Ben Williams, Head of Operations at Adblock Plus, has told The Stack “We’re aware of this problem, and are currently working on a solution to tackle this.” So BugReplay’s conviction about an ABP fix seems to be incorrect.)

Though porn is popularly associated with the military and videogames as one of the greatest forces for early technological advancement, it seems to have beaten all competitors in this case; if, inevitably, not for long. Sites may know how to recognise an adblocker from failed load requests, and perpetuate the current stalemate, but until someone learns how to serve advertising from localhost (I mean the server, not, as Microsoft once considered, the user’s machine), the war is set to continue.